It may now be largely forgotten, but in 2002 the Chinese bought a Boeing 767 aircraft, which they intended to use as a presidential plane. It should not be a problem, as Boeing is an independent company, shouldn't it? No reason to believe they are in disguise working for the US security agencies? Well yes. When the aircraft had been delivered, the Chinese found that it was bugged. “A search of the twin-engined aircraft, which was manufactured and fitted out in America, yielded 27 devices, according to Chinese officials, hidden in its seats, lavatory and panelling.” Apparently the Chinese after that never dared to put it to the intended use as they were not sure they had found all the devices.
This seems to be normal business. And after the Snowden spying revelations it is clear that this is extended to almost any sphere you can think of.
So can we trust a US company not to spy on us? Apparently not. If equipment or software is bought from a US company – no-no, not a state owned company – this company is apparently forced to cooperate with the US security services. And until the Snowden revelations, they have done that without any major resistance. All the big ones: Google, Microsoft, Cisco, IBM – you name it. And it is strictly forbidden that they confirm, that they are cooperating. So they apparently leave “back-ports”, weakened security measures, and perhaps even “killer-buttons”, in the equipment and software they deliver. And this is whatthe US argues will happen if you buy from the Chinese. Apparently, they know, what they are talking about.
Perhaps the US critics are right. Perhaps Huawei would use its position to spy on other countries, as they do themselves. It is difficult to tell. But a reason they just may not do it is that it would exclude them from foreign markets in the future, and they don't have a position just to ignore this risk (as seemingly the US firms think they have).
What can an independent country do in this case?For sure it can't trust US companies. So it seems the first advice is to stay clear of US companies, whenever it is possible. Because the case is proven that they will spy on you. This seems to be the conclusion that some governments are arriving at – it may be too early to say, but it appears that several US companies have lost orders recently due to the “Snowden effect”. An example is that CISCO, a major producer of routers and switches, has reported a drop in sales in China. Other companies may follow.
And for software, the advice would be to stick to open source software. It is rumoured that NSA also has approached the Free Software Foundation, responsible for the open source operating system Linux, so it might be argued that it doesn't matter what you do – they will spy on you anyway. However, it may be that open source software is less at risk, as access is open so everyone can check it line-by-line for back ports or other nasty hidden bugs (even if that may imply a lot of trouble, as it will then have to be cleaned for all proprietary software, including the proprietary drivers, where nasty surprises may be hidden in the binary code).
Driven partly by security worries, and partly by a strive for cost saving, several countries have for years had a stated policy to switch to open source software, among these Brazil, India, Russia and China (plus a lot of smaller developing countries as Argentina, Venezuela and Cuba). The switch to open source seems to progress much slower than foreseen, as it apparently is not so simple, but expect the Snowden revelations to bring new life into these efforts.